Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

webaways — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting webaways. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by webaways:NEX-Forms – Ultimate Forms Plugin for WordPress
CVE IDTitleCVSSSeverityPublished
CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-639 7.5 High2026-03-15
CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-862 4.3 Medium2026-03-14
CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-862 5.3 Medium2026-01-31
CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-89 4.9 Medium2025-10-11
CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-79 6.4 Medium2025-05-08
CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-94 6.3 Medium2025-05-08
CVE-2024-13498 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-200 5.3 Medium2025-03-12
CVE-2024-10862 NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-89 4.9 Medium2024-12-25
CVE-2024-1129 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred() — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-862 5.3 Medium2024-02-01
CVE-2024-1130 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read() — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-862 5.3 Medium2024-02-01
CVE-2024-0907 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records() — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-862 5.3 Medium2024-02-01
CVE-2020-36670 NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions — NEX-Forms – Ultimate Forms Plugin for WordPressCWE-862 6.3 Medium2023-03-07

This page lists every published CVE security advisory associated with webaways. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.